Hi,

Below is a simple firewall that exposes a few services (ssh, http, ftp, smtp). But how does it work? I'm asking about the INPUT chain.

The first match is here:

Firewall-1-INPUT  all  --  anywhere             anywhere

Then it enters the defined chain Firewall-1-INPUT. The next one is here:

ACCEPT     all  --  anywhere             anywhere

And in this case it should accept everything and not go any further? How come it goes on to check the following rules?

***************************************************************************
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
***************************************************************************
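
Added example (not part of the original post): a small Python model of first-match traversal through INPUT and a user-defined chain, using a constructed subset of the rules listed above. It assumes, which the posted output cannot confirm, that the first ACCEPT rule is bound to the loopback interface; `iptables -L` without `-v` omits the interface columns, so such a rule prints as `all -- anywhere anywhere`. The names `Rule`, `CHAINS` and `verdict` are hypothetical, and the listing format is simplified.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    target: str         # ACCEPT, REJECT, or the name of a user-defined chain
    proto: str = "all"
    in_iface: str = ""  # empty = any interface; hidden by `iptables -L` without -v
    dport: int = 0      # 0 = any destination port
    states: tuple = ()  # empty = any connection state

    def matches(self, pkt):
        return (self.proto in ("all", pkt["proto"])
                and (not self.in_iface or self.in_iface == pkt["in"])
                and (not self.dport or self.dport == pkt.get("dport"))
                and (not self.states or pkt["state"] in self.states))

    def listing(self, verbose=False):
        # Simplified rendering: only the verbose form carries the interface.
        line = f"{self.target:<10} {self.proto:<4} --"
        if verbose:
            line += f"  {self.in_iface or 'any':<4}"
        return line + "  anywhere  anywhere"

# Constructed ruleset modelled on the listing in the post (subset of its rules).
# ASSUMPTION: rule 1 matches only loopback traffic; the post's output cannot show it.
CHAINS = {
    "INPUT": [Rule("Firewall-1-INPUT")],
    "Firewall-1-INPUT": [
        Rule("ACCEPT", in_iface="lo"),
        Rule("ACCEPT", proto="icmp"),
        Rule("ACCEPT", states=("RELATED", "ESTABLISHED")),
        Rule("ACCEPT", proto="tcp", dport=22, states=("NEW",)),
        Rule("ACCEPT", proto="tcp", dport=80, states=("NEW",)),
        Rule("REJECT"),
    ],
}

def verdict(pkt, chain="INPUT", policy="ACCEPT"):
    """Return (target, chain, rule number) of the first terminating match."""
    def walk(name):
        for number, rule in enumerate(CHAINS[name], 1):
            if not rule.matches(pkt):
                continue              # no match: try the next rule
            if rule.target not in CHAINS:
                return rule.target, name, number   # ACCEPT/REJECT ends traversal
            hit = walk(rule.target)   # jump into the user-defined chain
            if hit:
                return hit            # otherwise fall through to the caller's next rule
        return None
    return walk(chain) or (policy, chain, 0)
```

On a real host, `iptables -L -v -n` or `iptables -S` shows whether a rule that looks like accept-all carries an interface match.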

